Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-19457

Buggy plugin implementations break job configuration too easily

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • None

      The implementation of registerValidator() in hudson-behavior.js blindly pushes content from the Job configuration (attribute=checkUrl) into an eval() if the attribute "checkDependsOn" is absent.

      In cases where a plugin has no JavaScript in "checkUrl" but a plain URL String the eval() call fails as the content is interpreted as RegEx with invalid flags.

      Here is the current code in Question at line 414 to 424:

      var url = this.getAttribute("checkUrl");
      var depends = this.getAttribute("checkDependsOn");
      
      if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
          return eval(url); // need access to 'this', so no 'geval'
      } else {
      //...
      

      A simple fix to prevent the breakdown of the overall Job Configuration could be achieved as follows:

      var url = this.getAttribute("checkUrl");
      var depends = this.getAttribute("checkDependsOn");
      
      if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
        try {
          return eval(url); // need access to 'this', so no 'geval'
        } catch(e) {
          return url; // if the URL is not JavaScript, simply return the URL
        }
      } else {
      //...
      

      This fix or a similar approach would make the UI more robust and less fragile, especially as the core application relies on external (plugin) code.

          [JENKINS-19457] Buggy plugin implementations break job configuration too easily

          Jens Hausherr created issue -
          Geoff Cummings made changes -
          Link New: This issue is related to JENKINS-19248 [ JENKINS-19248 ]
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Jesse Glick made changes -
          Link New: This issue is duplicated by JENKINS-19248 [ JENKINS-19248 ]
          Jesse Glick made changes -
          Link Original: This issue is related to JENKINS-19248 [ JENKINS-19248 ]
          Matthias Glastra made changes -
          Link New: This issue duplicates JENKINS-6542 [ JENKINS-6542 ]
          Oleg Nenashev made changes -
          Link New: This issue is blocking JENKINS-11074 [ JENKINS-11074 ]
          Daniel Beck made changes -
          Link New: This issue is duplicated by JENKINS-19421 [ JENKINS-19421 ]
          Daniel Beck made changes -
          Link New: This issue is duplicated by JENKINS-19366 [ JENKINS-19366 ]
          Jenkins IRC Bot made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: gui [ 15492 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 150906 ] New: JNJira + In-Review [ 193730 ]

            Unassigned Unassigned
            jabbrwcky Jens Hausherr
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: